Certificate Authority Service roles and permissions

This page lists the IAM roles and permissions for Certificate Authority Service. To search through all roles and permissions, see the role and permission index .

Certificate Authority Service roles

Role

Permissions

CA Service Admin

( roles/ privateca.admin )

Full access to all CA Service resources.

privateca.*

privateca.caPools.create
privateca. caPools. createTagBinding
privateca.caPools.delete
privateca. caPools. deleteTagBinding
privateca.caPools.get
privateca.caPools.getIamPolicy
privateca.caPools.list
privateca. caPools. listEffectiveTags
privateca. caPools. listTagBindings
privateca.caPools.setIamPolicy
privateca.caPools.update
privateca.caPools.use
privateca. certificateAuthorities. create
privateca. certificateAuthorities. delete
privateca. certificateAuthorities. get
privateca. certificateAuthorities. getIamPolicy
privateca. certificateAuthorities. list
privateca. certificateAuthorities. setIamPolicy
privateca. certificateAuthorities. update
privateca. certificateRevocationLists. create
privateca. certificateRevocationLists. get
privateca. certificateRevocationLists. getIamPolicy
privateca. certificateRevocationLists. list
privateca. certificateRevocationLists. setIamPolicy
privateca. certificateRevocationLists. update
privateca. certificateTemplates. create
privateca. certificateTemplates. createTagBinding
privateca. certificateTemplates. delete
privateca. certificateTemplates. deleteTagBinding
privateca. certificateTemplates. get
privateca. certificateTemplates. getIamPolicy
privateca. certificateTemplates. list
privateca. certificateTemplates. listEffectiveTags
privateca. certificateTemplates. listTagBindings
privateca. certificateTemplates. setIamPolicy
privateca. certificateTemplates. update
privateca. certificateTemplates. use
privateca.certificates.create
privateca. certificates. createForSelf
privateca.certificates.get
privateca. certificates. getIamPolicy
privateca.certificates.list
privateca. certificates. setIamPolicy
privateca.certificates.update
privateca.locations.get
privateca.locations.list
privateca.operations.cancel
privateca.operations.delete
privateca.operations.get
privateca.operations.list
privateca. reusableConfigs. create
privateca. reusableConfigs. delete
privateca.reusableConfigs.get
privateca. reusableConfigs. getIamPolicy
privateca.reusableConfigs.list
privateca. reusableConfigs. setIamPolicy
privateca. reusableConfigs. update

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.create

CA Service Auditor

( roles/ privateca.auditor )

Read-only access to all CA Service resources.

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca. certificateAuthorities. get

privateca. certificateAuthorities. getIamPolicy

privateca. certificateAuthorities. list

privateca. certificateRevocationLists. get

privateca. certificateRevocationLists. getIamPolicy

privateca. certificateRevocationLists. list

privateca. certificateTemplates. get

privateca. certificateTemplates. getIamPolicy

privateca. certificateTemplates. list

privateca.certificates.get

privateca. certificates. getIamPolicy

privateca.certificates.list

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca.reusableConfigs.get

privateca. reusableConfigs. getIamPolicy

privateca.reusableConfigs.list

resourcemanager.projects.get

resourcemanager.projects.list

CA Service Operation Manager

( roles/ privateca.caManager )

Create and manage CAs, revoke certificates, create certificates templates, and read-only access for CA Service resources.

privateca.caPools.create

privateca. caPools. createTagBinding

privateca.caPools.delete

privateca. caPools. deleteTagBinding

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca. caPools. listEffectiveTags

privateca. caPools. listTagBindings

privateca.caPools.update

privateca. certificateAuthorities. create

privateca. certificateAuthorities. delete

privateca. certificateAuthorities. get

privateca. certificateAuthorities. getIamPolicy

privateca. certificateAuthorities. list

privateca. certificateAuthorities. update

privateca. certificateRevocationLists. get

privateca. certificateRevocationLists. getIamPolicy

privateca. certificateRevocationLists. list

privateca. certificateRevocationLists. update

privateca. certificateTemplates. create

privateca. certificateTemplates. createTagBinding

privateca. certificateTemplates. delete

privateca. certificateTemplates. deleteTagBinding

privateca. certificateTemplates. get

privateca. certificateTemplates. getIamPolicy

privateca. certificateTemplates. list

privateca. certificateTemplates. listEffectiveTags

privateca. certificateTemplates. listTagBindings

privateca. certificateTemplates. update

privateca.certificates.get

privateca. certificates. getIamPolicy

privateca.certificates.list

privateca.certificates.update

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca. reusableConfigs. create

privateca. reusableConfigs. delete

privateca.reusableConfigs.get

privateca. reusableConfigs. getIamPolicy

privateca.reusableConfigs.list

privateca. reusableConfigs. update

resourcemanager.projects.get

resourcemanager.projects.list

storage.buckets.create

CA Service Certificate Manager

( roles/ privateca.certificateManager )

Create certificates and read-only access for CA Service resources.

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca. caPools. listEffectiveTags

privateca. caPools. listTagBindings

privateca. certificateAuthorities. get

privateca. certificateAuthorities. getIamPolicy

privateca. certificateAuthorities. list

privateca. certificateRevocationLists. get

privateca. certificateRevocationLists. getIamPolicy

privateca. certificateRevocationLists. list

privateca. certificateTemplates. get

privateca. certificateTemplates. getIamPolicy

privateca. certificateTemplates. list

privateca. certificateTemplates. listEffectiveTags

privateca. certificateTemplates. listTagBindings

privateca.certificates.create

privateca.certificates.get

privateca. certificates. getIamPolicy

privateca.certificates.list

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca.reusableConfigs.get

privateca. reusableConfigs. getIamPolicy

privateca.reusableConfigs.list

resourcemanager.projects.get

resourcemanager.projects.list

CA Service Certificate Requester

( roles/ privateca.certificateRequester )

Request certificates from CA Service.

privateca.certificates.create

Privateca Editor

( roles/ privateca.editor )

Editor role for privateca

privateca.caPools.create

privateca.caPools.delete

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca. caPools. listEffectiveTags

privateca. caPools. listTagBindings

privateca.caPools.update

privateca.caPools.use

privateca. certificateAuthorities. create

privateca. certificateAuthorities. delete

privateca. certificateAuthorities. get

privateca. certificateAuthorities. getIamPolicy

privateca. certificateAuthorities. list

privateca. certificateAuthorities. update

privateca. certificateRevocationLists. create

privateca. certificateRevocationLists. get

privateca. certificateRevocationLists. getIamPolicy

privateca. certificateRevocationLists. list

privateca. certificateRevocationLists. update

privateca. certificateTemplates. create

privateca. certificateTemplates. delete

privateca. certificateTemplates. get

privateca. certificateTemplates. getIamPolicy

privateca. certificateTemplates. list

privateca. certificateTemplates. listEffectiveTags

privateca. certificateTemplates. listTagBindings

privateca. certificateTemplates. update

privateca. certificateTemplates. use

privateca.certificates.create

privateca. certificates. createForSelf

privateca.certificates.get

privateca. certificates. getIamPolicy

privateca.certificates.list

privateca.certificates.update

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.*

privateca.operations.cancel
privateca.operations.delete
privateca.operations.get
privateca.operations.list

privateca. reusableConfigs. create

privateca. reusableConfigs. delete

privateca.reusableConfigs.get

privateca. reusableConfigs. getIamPolicy

privateca.reusableConfigs.list

privateca. reusableConfigs. update

resourcemanager.projects.get

resourcemanager.projects.list

CA Service Pool Reader

( roles/ privateca.poolReader )

Read CA Pools in CA Service.

privateca.caPools.get

CA Service Certificate Template User

( roles/ privateca.templateUser )

Read, list and use certificate templates.

privateca. certificateTemplates. get

privateca. certificateTemplates. list

privateca. certificateTemplates. use

Privateca Viewer

( roles/ privateca.viewer )

Viewer role for privateca

privateca.caPools.get

privateca.caPools.getIamPolicy

privateca.caPools.list

privateca. caPools. listEffectiveTags

privateca. caPools. listTagBindings

privateca. certificateAuthorities. get

privateca. certificateAuthorities. getIamPolicy

privateca. certificateAuthorities. list

privateca. certificateRevocationLists. get

privateca. certificateRevocationLists. getIamPolicy

privateca. certificateRevocationLists. list

privateca. certificateTemplates. get

privateca. certificateTemplates. getIamPolicy

privateca. certificateTemplates. list

privateca. certificateTemplates. listEffectiveTags

privateca. certificateTemplates. listTagBindings

privateca. certificateTemplates. use

privateca.certificates.get

privateca. certificates. getIamPolicy

privateca.certificates.list

privateca.locations.*

privateca.locations.get
privateca.locations.list

privateca.operations.get

privateca.operations.list

privateca.reusableConfigs.get

privateca. reusableConfigs. getIamPolicy

privateca.reusableConfigs.list

resourcemanager.projects.get

resourcemanager.projects.list

CA Service Workload Certificate Requester

( roles/ privateca.workloadCertificateRequester )

Request certificates from CA Service with caller's identity.

privateca. certificates. createForSelf

Certificate Authority Service permissions

Permission

Included in roles

`privateca.caPools.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca. caPools. createTagBinding`

Owner ( roles/ owner )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Tag User ( roles/ resourcemanager.tagUser )

`privateca.caPools.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca. caPools. deleteTagBinding`

Owner ( roles/ owner )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Tag User ( roles/ resourcemanager.tagUser )

`privateca.caPools.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

CA Service Pool Reader ( roles/ privateca.poolReader )

Privateca Viewer ( roles/ privateca.viewer )

Service agent roles

Managed Kafka Service Agent ( roles/ managedkafka.serviceAgent )

`privateca.caPools.getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca.caPools.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. caPools. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

`privateca. caPools. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

`privateca.caPools.setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca.caPools.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca.caPools.use`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateAuthorities. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateAuthorities. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateAuthorities. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. certificateAuthorities. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. certificateAuthorities. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. certificateAuthorities. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca. certificateAuthorities. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateRevocationLists. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateRevocationLists. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. certificateRevocationLists. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. certificateRevocationLists. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. certificateRevocationLists. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca. certificateRevocationLists. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateTemplates. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateTemplates. createTagBinding`

Owner ( roles/ owner )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Tag User ( roles/ resourcemanager.tagUser )

`privateca. certificateTemplates. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateTemplates. deleteTagBinding`

Owner ( roles/ owner )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Tag User ( roles/ resourcemanager.tagUser )

`privateca. certificateTemplates. get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

CA Service Certificate Template User ( roles/ privateca.templateUser )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. certificateTemplates. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. certificateTemplates. list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

CA Service Certificate Template User ( roles/ privateca.templateUser )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. certificateTemplates. listEffectiveTags`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

`privateca. certificateTemplates. listTagBindings`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

DLP Organization Data Profiles Driver ( roles/ dlp.orgdriver )

DLP Project Data Profiles Driver ( roles/ dlp.projectdriver )

Security Auditor ( roles/ iam.securityAuditor )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Tag User ( roles/ resourcemanager.tagUser )

Tag Viewer ( roles/ resourcemanager.tagViewer )

`privateca. certificateTemplates. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca. certificateTemplates. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificateTemplates. use`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Certificate Template User ( roles/ privateca.templateUser )

Privateca Viewer ( roles/ privateca.viewer )

`privateca.certificates.create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

CA Service Certificate Requester ( roles/ privateca.certificateRequester )

Privateca Editor ( roles/ privateca.editor )

`privateca. certificates. createForSelf`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

CA Service Workload Certificate Requester ( roles/ privateca.workloadCertificateRequester )

`privateca.certificates.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. certificates. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca.certificates.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

Service agent roles

Cloud Security Compliance Service Agent ( roles/ cloudsecuritycompliance.serviceAgent )
Audit Manager Auditing Service Agent ( roles/ auditmanager.serviceAgent )

`privateca. certificates. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca.certificates.update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca.locations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca.locations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca.operations.cancel`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

`privateca.operations.delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

Privateca Editor ( roles/ privateca.editor )

`privateca.operations.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca.operations.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. reusableConfigs. create`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca. reusableConfigs. delete`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

`privateca.reusableConfigs.get`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. reusableConfigs. getIamPolicy`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca.reusableConfigs.list`

Owner ( roles/ owner )

Editor ( roles/ editor )

Viewer ( roles/ viewer )

Security Admin ( roles/ iam.securityAdmin )

Security Auditor ( roles/ iam.securityAuditor )

Security Reviewer ( roles/ iam.securityReviewer )

Support User ( roles/ iam.supportUser )

CA Service Admin ( roles/ privateca.admin )

CA Service Auditor ( roles/ privateca.auditor )

CA Service Operation Manager ( roles/ privateca.caManager )

CA Service Certificate Manager ( roles/ privateca.certificateManager )

Privateca Editor ( roles/ privateca.editor )

Privateca Viewer ( roles/ privateca.viewer )

`privateca. reusableConfigs. setIamPolicy`

Owner ( roles/ owner )

Security Admin ( roles/ iam.securityAdmin )

CA Service Admin ( roles/ privateca.admin )

`privateca. reusableConfigs. update`

Owner ( roles/ owner )

Editor ( roles/ editor )

CA Service Admin ( roles/ privateca.admin )

CA Service Operation Manager ( roles/ privateca.caManager )

Privateca Editor ( roles/ privateca.editor )

Certificate Authority Service roles and permissions Stay organized with collections Save and categorize content based on your preferences.